Implement APWG phishing reporting feature

Author: Grandi0z

modules/core/handler_modules.php

@@ -1043,6 +1043,15 @@ public function process() {
             });
         }
 
+        // Process APWG settings
+        if (array_key_exists('apwg_settings', $this->request->post)) {
+            $apwg = $this->request->post['apwg_settings'];
+            $new_settings['apwg_enabled_setting'] = isset($apwg['enabled']);
+            $set_setting('apwg_from_email_setting', $apwg['from_email'] ?? '', function($v) {
+                return filter_var($v, FILTER_VALIDATE_EMAIL);
+            });
+        }
+
         // Process AbuseIPDB settings
         if (array_key_exists('abuseipdb_settings', $this->request->post)) {
             $abuseipdb = $this->request->post['abuseipdb_settings'];

modules/core/output_modules.php

@@ -2396,6 +2396,39 @@ protected function output() {
     }
 }
 
+/**
+ * Option to enable/disable APWG phishing reporting
+ * @subpackage core/output
+ */
+class Hm_Output_apwg_enabled_setting extends Hm_Output_Module {
+    protected function output() {
+        $settings = $this->get('user_settings', array());
+        $enabled = get_setting_value($settings, 'apwg_enabled', false);
+        $checked = $enabled ? ' checked="checked"' : '';
+        $reset = $enabled ? '<span class="tooltip_restore" restore_aria_label="Restore default value"><i class="bi bi-arrow-counterclockwise refresh_list reset_default_value_checkbox"></i></span>' : '';
+        
+        return '<tr class="report_spam_setting"><td><label class="form-check-label" for="apwg_enabled">'.
+            $this->trans('Enable APWG phishing reporting').'</label></td>'.
+            '<td><input class="form-check-input" type="checkbox" '.$checked.' id="apwg_enabled" name="apwg_settings[enabled]" data-default-value="false" value="1" />'.$reset.'</td></tr>';
+    }
+}
+
+/**
+ * Option for APWG from email address
+ * @subpackage core/output
+ */
+class Hm_Output_apwg_from_email_setting extends Hm_Output_Module {
+    protected function output() {
+        $settings = $this->get('user_settings', array());
+        $email = get_setting_value($settings, 'apwg_from_email', '');
+        $reset = !empty($email) ? '<span class="tooltip_restore" restore_aria_label="Restore default value"><i class="bi bi-arrow-counterclockwise refresh_list reset_default_value_input"></i></span>' : '';
+        
+        return '<tr class="report_spam_setting"><td><label for="apwg_from_email">'.
+            $this->trans('From email address (optional)').'</label></td>'.
+            '<td class="d-flex"><input class="form-control form-control-sm" type="email" id="apwg_from_email" name="apwg_settings[from_email]" value="'.$this->html_safe($email).'" placeholder="'.$this->trans('Uses your IMAP email if not set').'" />'.$reset.'</td></tr>';
+    }
+}
+
 /**
  * Option for AbuseIPDB API key
  * @subpackage core/output

modules/core/setup.php

@@ -106,7 +106,9 @@
 add_output('settings', 'spamcop_enabled_setting', true, 'core', 'start_report_spam_settings', 'after');
 add_output('settings', 'spamcop_submission_email_setting', true, 'core', 'spamcop_enabled_setting', 'after');
 add_output('settings', 'spamcop_from_email_setting', true, 'core', 'spamcop_submission_email_setting', 'after');
-add_output('settings', 'abuseipdb_enabled_setting', true, 'core', 'spamcop_from_email_setting', 'after');
+add_output('settings', 'apwg_enabled_setting', true, 'core', 'spamcop_from_email_setting', 'after');
+add_output('settings', 'apwg_from_email_setting', true, 'core', 'apwg_enabled_setting', 'after');
+add_output('settings', 'abuseipdb_enabled_setting', true, 'core', 'apwg_from_email_setting', 'after');
 add_output('settings', 'abuseipdb_api_key_setting', true, 'core', 'abuseipdb_enabled_setting', 'after');
 add_output('settings', 'start_everything_settings', true, 'core', 'abuseipdb_api_key_setting', 'after');
 add_output('settings', 'all_since_setting', true, 'core', 'start_everything_settings', 'after');
@@ -368,6 +370,7 @@
         'images_whitelist' => FILTER_UNSAFE_RAW,
         'update' => FILTER_VALIDATE_BOOLEAN,
         'spamcop_settings' => array('filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FORCE_ARRAY),
+        'apwg_settings' => array('filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FORCE_ARRAY),
         'abuseipdb_settings' => array('filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FORCE_ARRAY),
     )
 );

modules/imap/functions.php

@@ -1705,7 +1705,24 @@ function normalize_spam_report_error($error_msg) {
         'AbuseIPDB validation error' => 'AbuseIPDB validation error. Please check your API key and configuration.',
         'AbuseIPDB error' => 'An error occurred while reporting to AbuseIPDB. Please try again later.',
         'Invalid response from AbuseIPDB' => 'Invalid response from AbuseIPDB. Please try again later.',
-        'cURL error' => 'Failed to connect to AbuseIPDB. Please check your internet connection.'
+        'cURL error' => 'Failed to connect to AbuseIPDB. Please check your internet connection.',
+        
+        // APWG error mappings
+        'APWG reporting is not enabled' => 'APWG reporting is not enabled. Please enable it in Settings.',
+        'No sender email address configured' => 'No sender email address configured. Please configure it in Settings.',
+        'Failed to send email to APWG' => 'Failed to send email to APWG. Please check your server mail configuration.',
+        'send email to APWG' => 'Failed to send email to APWG. Please check your server mail configuration.',
+        'SMTP error' => 'Failed to send email to APWG. The SMTP server did not accept the message. Please check your SMTP configuration.',
+        'SMTP server did not confirm delivery' => 'Failed to send email to APWG. The SMTP server did not confirm delivery (expected 250 OK response). Please try again later.',
+        'SMTP server did not accept' => 'Failed to send email to APWG. The SMTP server did not accept the message for delivery. Please check your SMTP configuration.',
+        'RCPT command failed' => 'Failed to send email to APWG. The recipient address may be invalid or rejected by the SMTP server.',
+        'DATA command failed' => 'Failed to send email to APWG. The SMTP server did not accept the message data. Please try again later.',
+        '250' => 'Email was successfully sent to APWG (250 OK response received).',
+        '550' => 'Failed to send email to APWG. The recipient address was rejected by the mail server (550 error).',
+        '551' => 'Failed to send email to APWG. The recipient address does not exist (551 error).',
+        '552' => 'Failed to send email to APWG. The mail server rejected the message due to size limits (552 error).',
+        '553' => 'Failed to send email to APWG. The recipient address format is invalid (553 error).',
+        '554' => 'Failed to send email to APWG. The mail server rejected the message (554 error).'
     );
 
     foreach ($error_mappings as $key => $message) {
@@ -1942,6 +1959,223 @@ function report_spam_to_spamcop($message_source, $reasons, $user_config, $sessio
     }
 }}
 
+/**
+ * Report phishing message to APWG (Anti-Phishing Working Group)
+ * Uses authenticated SMTP to ensure proper SPF/DKIM validation
+ * Must use the exact email address from the IMAP server where the message is located
+ */
+if (!hm_exists('report_spam_to_apwg')) {
+function report_spam_to_apwg($message_source, $reasons, $user_config, $session = null, $imap_server_email = '') {
+    $apwg_enabled = $user_config->get('apwg_enabled_setting', false);
+    if (!$apwg_enabled) {
+        return array('success' => false, 'error' => 'APWG reporting is not enabled');
+    }
+
+    $apwg_email = '[email protected]';
+
+    $sanitized_message = sanitize_message_for_spam_report($message_source, $user_config);
+
+    $from_email = $user_config->get('apwg_from_email_setting', '');
+    if (empty($from_email)) {
+        $from_email = $imap_server_email;
+    }
+
+    if (empty($from_email)) {
+        return array('success' => false, 'error' => 'No sender email address configured');
+    }
+
+    $subject = 'Phishing Report';
+
+    if (!class_exists('Hm_MIME_Msg')) {
+        $mime_file = (defined('APP_PATH') ? APP_PATH : dirname(__FILE__) . '/../') . 'modules/smtp/hm-mime-message.php';
+        if (file_exists($mime_file)) {
+            require_once $mime_file;
+        } else {
+            return array('success' => false, 'error' => 'SMTP module required for APWG reporting. Please enable the SMTP module.');
+        }
+    }
+
+    $file_dir = $user_config->get('attachment_dir', sys_get_temp_dir());
+    if (!is_dir($file_dir)) {
+        $file_dir = sys_get_temp_dir();
+    }
+
+    if ($file_dir !== sys_get_temp_dir() && $session) {
+        $user_dir = $file_dir . DIRECTORY_SEPARATOR . md5($session->get('username', 'default'));
+        if (!is_dir($user_dir)) {
+            @mkdir($user_dir, 0755, true);
+        }
+        $file_dir = $user_dir;
+    }
+    $temp_file = tempnam($file_dir, 'apwg_');
+    
+    if (class_exists('Hm_Crypt') && class_exists('Hm_Request_Key')) {
+        $encrypted_content = Hm_Crypt::ciphertext($sanitized_message, Hm_Request_Key::generate());
+        file_put_contents($temp_file, $encrypted_content);
+    } else {
+        file_put_contents($temp_file, $sanitized_message);
+    }
+    
+    $body = '';
+    $mime = new Hm_MIME_Msg($apwg_email, $subject, $body, $from_email, false, '', '', '', '', $from_email);
+    
+    $attachment = array(
+        'name' => 'phishing.eml',
+        'type' => 'message/rfc822',
+        'size' => strlen($sanitized_message),
+        'filename' => $temp_file
+    );
+    
+    $mime->add_attachments(array($attachment));
+
+    $mime_message = $mime->get_mime_msg();
+    
+    $mime_message = preg_replace('/\r\n\r\n+/', "\r\n\r\n", $mime_message);
+    
+    $parts = explode("\r\n\r\n", $mime_message, 2);
+    $mime_body = isset($parts[1]) ? $parts[1] : '';
+    
+    $boundary = '';
+    if (preg_match('/^--([A-Za-z0-9]+)/m', $mime_body, $boundary_match)) {
+        $boundary = $boundary_match[1];
+    }
+    
+    if (!empty($boundary)) {
+        $pattern = '/(--' . preg_quote($boundary, '/') . '\r\nContent-Type: message\/rfc822[^\r\n]*\r\n(?:[^\r\n]*\r\n)*?Content-Transfer-Encoding: )7bit(\r\n\r\n)(.*?)(\r\n--' . preg_quote($boundary, '/') . '(?:--)?)/s';
+        
+        if (preg_match($pattern, $mime_message, $matches)) {
+            $attachment_content = rtrim($matches[3], "\r\n");
+            $encoded_content = chunk_split(base64_encode($attachment_content));
+            $mime_message = preg_replace($pattern, '$1base64$2' . $encoded_content . '$4', $mime_message);
+        } elseif (defined('DEBUG_MODE') && DEBUG_MODE) {
+            Hm_Debug::add('APWG: Warning - Could not fix encoding from 7bit to base64', 'warning');
+        }
+    }
+    
+    @unlink($temp_file);
+    
+    $parts = explode("\r\n\r\n", $mime_message, 2);
+    $all_headers = isset($parts[0]) ? $parts[0] : '';
+    $mime_body = isset($parts[1]) ? $parts[1] : '';
+    
+    if (empty($boundary) && preg_match('/^--([A-Za-z0-9]+)/m', $mime_body, $boundary_match)) {
+        $boundary = $boundary_match[1];
+    }
+    
+    $headers = array();
+    $header_lines = explode("\r\n", $all_headers);
+    foreach ($header_lines as $line) {
+        if (preg_match('/^(From|Reply-To|MIME-Version|Content-Type):/i', $line)) {
+            if (preg_match('/^Content-Type:/i', $line) && !empty($boundary)) {
+                $headers[] = 'Content-Type: multipart/mixed; boundary="' . $boundary . '"';
+            } else {
+                $headers[] = $line;
+            }
+        }
+    }
+    
+    if (!class_exists('Hm_SMTP_List')) {
+        $smtp_file = (defined('APP_PATH') ? APP_PATH : dirname(__FILE__) . '/../') . 'modules/smtp/hm-smtp.php';
+        if (file_exists($smtp_file)) {
+            require_once $smtp_file;
+        }
+    }
+    
+    if ($session !== null && class_exists('Hm_SMTP_List')) {
+        try {
+            Hm_SMTP_List::init($user_config, $session);
+            
+            $smtp_servers = Hm_SMTP_List::dump();
+            $smtp_id = false;
+            foreach ($smtp_servers as $id => $server) {
+                if (isset($server['user']) && strtolower(trim($server['user'])) === strtolower(trim($from_email))) {
+                    $smtp_id = $id;
+                    break;
+                }
+            }
+            
+            if ($smtp_id === false && !empty($smtp_servers)) {
+                $smtp_id = key($smtp_servers);
+            }
+            
+            if ($smtp_id !== false) {
+                $mailbox = Hm_SMTP_List::connect($smtp_id, false);
+                if ($mailbox && $mailbox->authed()) {
+                    $smtp_headers = array();
+                    $smtp_headers[] = 'From: ' . $from_email;
+                    $smtp_headers[] = 'Reply-To: ' . $from_email;
+                    $smtp_headers[] = 'To: ' . $apwg_email;
+                    $smtp_headers[] = 'Subject: ' . $subject;
+                    $smtp_headers[] = 'MIME-Version: 1.0';
+                    if (!empty($boundary)) {
+                        $smtp_headers[] = 'Content-Type: multipart/mixed; boundary="' . $boundary . '"';
+                    }
+                    $smtp_headers[] = 'Date: ' . date('r');
+                    $smtp_headers[] = 'Message-ID: <' . md5(uniqid(rand(), true)) . '@' . php_uname('n') . '>';
+                    
+                    $smtp_message = implode("\r\n", $smtp_headers) . "\r\n\r\n" . $mime_body;
+                    
+                    $err_msg = $mailbox->send_message($from_email, array($apwg_email), $smtp_message);
+                    
+                    if ($err_msg === false) {
+                        // 250 OK response - APWG mail server accepted the email for delivery
+                        if (defined('DEBUG_MODE') && DEBUG_MODE) {
+                            Hm_Debug::add('APWG: Email accepted by SMTP server (250 OK)', 'info');
+                        }
+                        return array('success' => true);
+                    } else {
+                        // SMTP error - log the response for debugging
+                        if (defined('DEBUG_MODE') && DEBUG_MODE) {
+                            Hm_Debug::add(sprintf('APWG: SMTP send failed: %s', $err_msg), 'warning');
+                        }
+                        // Return error with SMTP response details
+                        return array('success' => false, 'error' => sprintf('Failed to send email to APWG. SMTP error: %s', $err_msg));
+                    }
+                } elseif (defined('DEBUG_MODE') && DEBUG_MODE) {
+                    Hm_Debug::add(sprintf('APWG: SMTP connection failed for server ID %s', $smtp_id), 'warning');
+                }
+            }
+        } catch (Exception $e) {
+            if (defined('DEBUG_MODE') && DEBUG_MODE) {
+                Hm_Debug::add(sprintf('APWG: SMTP exception: %s', $e->getMessage()), 'error');
+            }
+        }
+    }
+    
+    $timeout = 10;
+    $old_timeout = ini_get('default_socket_timeout');
+    ini_set('default_socket_timeout', $timeout);
+
+    try {
+        $mail_sent = @mail($apwg_email, $subject, $mime_body, implode("\r\n", $headers));
+        
+        ini_set('default_socket_timeout', $old_timeout);
+        
+        if ($mail_sent) {
+            if (defined('DEBUG_MODE') && DEBUG_MODE) {
+                Hm_Debug::add('APWG: mail() function returned true (delivery status unknown - no SMTP response available)', 'info');
+            }
+            return array('success' => true);
+        } else {
+            $error = 'Failed to send email to APWG. Please ensure your server has valid SPF/DKIM records or configure an SMTP server.';
+            if (defined('DEBUG_MODE') && DEBUG_MODE) {
+                Hm_Debug::add('APWG: mail() function returned false', 'error');
+                $last_error = error_get_last();
+                if ($last_error) {
+                    Hm_Debug::add(sprintf('APWG: PHP error: %s', $last_error['message']), 'error');
+                }
+            }
+            return array('success' => false, 'error' => $error);
+        }
+    } catch (Exception $e) {
+        ini_set('default_socket_timeout', $old_timeout);
+        if (defined('DEBUG_MODE') && DEBUG_MODE) {
+            Hm_Debug::add(sprintf('APWG: Exception in mail(): %s', $e->getMessage()), 'error');
+        }
+        return array('success' => false, 'error' => $e->getMessage());
+    }
+}}
+
 /**
  * Sanitize message source for spam reporting
  */

modules/imap/handler_modules.php

@@ -2236,13 +2236,18 @@ public function process() {
         $services_to_report = array();
         $service_names = array(
             'spamcop' => 'SpamCop',
+            'apwg' => 'APWG',
             'abuseipdb' => 'AbuseIPDB'
         );
 
         if ($this->user_config->get('spamcop_enabled_setting', false)) {
             $services_to_report[] = 'spamcop';
         }
 
+        if ($this->user_config->get('apwg_enabled_setting', false)) {
+            $services_to_report[] = 'apwg';
+        }
+
         if ($this->user_config->get('abuseipdb_enabled_setting', false)) {
             $services_to_report[] = 'abuseipdb';
         }